Using Speech to Combat Robocalls, ANI Spoofing, and Fraud
While not completely impenetrable, voice biometrics are a good first line of defense against telephone fraud. The technology is far from foolproof, but it does provide an added layer of protection that is far superior to basic PINs or security questions.
“Advanced methods of social engineering just add fuel to the fire,” Roncoroni says. Scammers can tap into public digital forums where people willingly display personal information, including hints that can help scammers answer security questions. “Consider this: A scary percentage of people choose city name or the mascot of their high school as the answer to a security question,” Roncoroni points out. “A quick troll through Facebook makes the answer obvious to a fraudster.”
Donna Fluss, president of DMG Consulting, agrees, pointing out just how easy it can be to “reverse-social-engineer” and access accounts. “People can go online and get so much information, it’s downright dangerous,” she says. “If you just wanted to go and look me up, you could probably find just about everything but my weight.”
Fraudsters also rely on advanced methods for toll-free traffic pumping—the act of pumping thousands, or even millions, of illegitimate calls into businesses’ toll-free numbers. Because call recipients pay for the toll-free traffic, Roncoroni explains, carriers share the costs with the connecting carriers. “There aren’t enough resources to evaluate individual calls, so businesses are forced to eat the cost,” he says.
A toll-free traffic pumper’s primary goal is to make as many calls as possible and to keep them connected for as long as possible. “To promote interconnectivity, carriers pay each other for calls they connect to one another,” Roncoroni says. Criminals know this, and so they place the free calls, staying connected for just the required length of time (which in some cases can be as little as 20 seconds), to collect the nominal subsidies. “When you’re talking about thousands or millions of calls per day, it adds up.”
Among the largest concern for telecom carriers and networks are International Revenue Share Fraud scams, Roncoroni asserts. “These scams rely on the fact that the international carrier where a call terminates collects payment from the carrier who sent that call.” Since some destinations charge more than others, fraudsters make money by striking deals with high-cost destinations and gaining illegal access to networks, private branch exchanges (PBXs), conference lines, and the like and pumping traffic into them. Fraudsters get a cut of the profits and the originating network gets stuck with the astronomical bill. Such scams are difficult to prevent because the fraud is often perpetrated across international borders and requires near-real-time detection at the network level.
Traffic pumping might not be a top-of-mind concern for consumers since they don’t eat the costs directly, but there is a trickle-down effect. “If you’ve ever waited on hold forever, had to go through rigorous security verification, or received calls from spam numbers, you can point back to this type of fraud for all of it,” Roncoroni says. “The second a consumer gets wind that a specific business is to blame, the reputation of that business is in serious jeopardy. Like insurance fraud, the consumer may not directly pay for it, but rates and premiums are increased for everyone to counteract these losses.”
There are many other forms that can harm businesses. “In most cases, all of these come back to the same objective: convince a business to answer the phone, and if necessary, convince the business that the person on the other end of the line is calling from the phone number they see on the screen,” Roncoroni says.
Why Companies Should Care
It’s no secret that data breaches make for intriguing headlines and can result in large losses for companies. We all remember the Heartbleed bug. And this was certainly the case for Target and Yahoo!, for instance, who suffered greatly for allowing customer records to get hacked. This can lead to the instant destruction of relationships that took decades to build.
U.S. banks pay millions of dollars a year to refund customers who have been victims of fraud. While companies might be able to rebuild their reputations over time, “it certainly isn’t a good look,” Roncoroni says.
Legitimate telephone marketing that relies on outbound phone campaigning has certainly suffered on account of robodialing. So much so that Fluss recommends staying away from calling, if possible. “The effectiveness of any outbound call is minimal to begin with,” she says.
Fortunately, “when we talk about robodialing, we’re not typically talking about robodialing,” Fluss says. “What we’re talking about is multichannel interaction.”
And a recent survey from DMG Consulting found that 60.2 percent of people prefer to be reached by businesses first via email compared to just 21.4 percent who said they prefer the phone as the first line of contact.
“The way it’s supposed to work with outbound today is that organizations are supposed to have the right to be able to reach out to their prospects or customers who have given them explicit rights to do that,” Fluss says. “There’s no gray area on that one. That’s supposed to be allowed. If I’m a banking customer and I said you can reach me, you can reach me.”